Former Norse Chief Breaks Silence

Following a recent report on the pending demise of threat intelligence firm Norse Corp. by investigative reporter Brian Krebs, former CEO Sam Glines has broken the silence and issued a statement, providing some details into what’s happening at the firm.

In a statement provided in response to multiple inquiries by SecurityWeek, Glines admitted to making mistakes in managing the company, but also contended that Krebs’ report contained inaccuracies.

It is still unclear what the true status of the company is, and if it will survive. However, Glines told SecurityWeek that people are still reporting for work and that the company is still running.

SecurityWeek has asked both Norse and Glines for additional details, and this space will be updated as additional information is recieved.

The statement provided to SecurityWeek by Glines is provided in full:

I’m writing this statement as the co-founder of Norse, not as an employee as I am no longer with the company, as reported.

This past Saturday, an article written by Brian Krebs appeared on his blog krebsonsecurity.com. In this piece, the writer conducted an ‘investigation’ into what happened at Norse as a result of layoffs that took place in January. In this investigation, the writer brought forward information, from over 15 years prior, to the point where a former employee described Norse as a ‘scam’.

It is true that Norse was forced to let go many talented people in January. There were mistakes made by myself that led to these layoffs. Norse was in the latter half of 2015 running at an aggressive monthly burn to put out groundbreaking product and capabilities. Unfortunately, we were building ahead of very near-term revenue. This, coupled with lesser than expected sales in 2H 2015, and the delay in our planned Series B financing led to the perfect financial storm that drove the need to cut back our workforce. And I take full responsibility for these mistakes.

There were inaccuracies in the article. I was never an owner of a shell company, and wouldn’t know the first thing about setting one up. Second, I was not a founder of any of the companies mentioned, aside from Norse. I was an employee of Nexicon for about 18 months. The history presented in the article with respect to Cyco/Nexicon is wrong, yet it is lauded as “investigative journalism.” Unfortunately, none of that information was ever run by any company representative or knowledgeable source for review or verification. If it had been, we would have gladly provided those corrections. All the company ever heard in advance from this blogger (and a few other reporters at the time) was that they wanted to speak with Norse about the January layoffs, and subsequent rumors being spread by sources who wouldn’t be named; another wanted to explore why previous employees had been let go. Norse was open about the fact that the company would not be able to comment on employee issues (even if it wanted to) for privacy reasons.

I do want to address the implication that the company was somehow conducting less than above-board operations. The word ‘scam’ was used as a direct quote from that same former mid-level employee, who was extremely angry after she was let go. The assumption by readers, who trust this blogger, is that if it’s printed, it must be true. That did incredible damage to Norse and every person or entity affiliated with it, not to mention that this terminology is an insult to every employee, former employee, investor, and customer of Norse.

Norse counts customers who purchased product and renewed their annual services because of the incredible value delivered. The company has major enterprises, governments, and multiple defense intelligence agencies as clients. And these clients invest significant financial resources to extract the incredible value that the company’s technology and people bring to bear. Institutional investors conducted deep due diligence on the technology before deciding to invest.

I think constantly about the sacrifices and the effort put forth by all current and former employees who tirelessly and without complaint worked incredibly long, hard hours to put out trailblazing product, market and sell, and provide customer support in the fledgling field of cyber threat intelligence, a market that is still, in my view, relatively immature. I think about our investors who believed in what we were doing and where we were going, and we were exposing significant cyber threats that could not be found elsewhere. Finally, I think about Norse customers, who worked closely with our teams to develop the capabilities that were difference-makers for their teams of intelligence analysts.

Ultimately, I was not able to push the company far enough around the corner to realize the success that I consistently believed was within our grasp. It was incredibly difficult for me to have had to let go employees in January. That is never easy and I take personal responsibility as CEO for that decision and all that led up to it. It was one of the most difficult days of my career.

Prior to this article, however, significant deals were being closed and other strategic discussions underway. But as soon as this article/blog was posted, everything quickly began to fall apart. Deals were terminated or paused. And all this based on what everyone was reading in black and white from one of the most trusted names in security/tech reporting.

A lot of people have been hurt. And, in addition to demonstrating how today’s media can be manipulated by persons to suit their purposes or personal vendettas and how facts can be misrepresented to lead an entire industry astray; the events of this week also show how much power a disgruntled employee can wield on an employer. This isn’t a case of white-collar crime or fraud or anything illegal; this all comes down to someone who was let go, became angry about it, then set about doing some poor ‘investigating’ and piecing together in a way that works for them, and then getting others to join their crusade. This blogger enabled her to be quoted as calling the company a ‘scam’ very publicly. People latch on to things like that, assume they are true, and run with it. Employees aren’t bound by the same restraints, privacy concerns and legalities that corporations are, so in cases like this there’s little a small or mid-sized company can do to defend itself.

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.